[Solved] How to Get Root Access to CUCM and Any Cisco UC OS without Cisco TAC

Hello there, we have been discussing about Cisco Unified Communications Manager administration guides. A lot of time we may run into a situation where you need CUCM root access. Ideally CUCM root access is limited to only Cisco TAC team. The command line interface that we are getting while SSH to CUCM is not the root, instead it is just a modified version of CLI. We will be able to run some basic commands over there.

All most all Cisco UC OS built over a Red Hat Enterprise Linux platform. For CUCM, the underlying operating system is still Linux! Hence if you know little bit of Linux tweaking, you can apply this hack and get root access to CUCM without the help of Cisco TAC.

The purpose of getting root access is important once you fail with all your CUCM CLI general commands to fix a particular issue. Situations like CUCM DB Replication, Certificate issue, etc. sometimes cannot be fixed by “utils” commands. In such scenario you need Root access to CUCM. Root access can also be used to hack licenses in UC OS for test purpose.

Note: Do not try this hack on any production system, this article only for lab experiments. Cisco TAC never supports if you do some changes in the root. But it is good to understand the CUCM file structure and architecture via root.

Keeping that is in mind, let’s start our hack to unlock and jail-break CUCM for root access. I have tried this hack on CUCM 9.X, 10.5, 11.5 and all pass!

Tools & Skills Required

Linux Cent OS 7

Installed CUCM / any UC OS

Access to ESXi where CUCM is already installed

Basic Understanding of Linux Commands (No problem even you are new to Linux)

Step 1: Download Linux Cent OS

Download Cent OS 7 ISO from the following link.
Link: wiki.centos.org/Download
In any chance if the link is broken, get your Cent OS ISO from Google.
Now upload your Cent OS ISO file to ESXi Data Store.

Step 2: Edit CUCM Virtual Machine to Boot from CD

Login to ESXi where CUCM is already installed using VSphere client. Right click on the CUCM VM and go to Edit Settings.

Go to ‘Options’ tab and click ‘Boot Options’. Then check the box which says ‘The next time the virtual machine boots, force entry in to the BIOS setup screen’ >> OK
No go ahead and power on your CUCM Virtual Machine, the system will boot in to BIOS.

Step 3: Set Boot Device to CD-DVD ROM

Select CD-ROMDrive as the boot device (move it up) and hit F10 to Save.

Hit Enter for ‘Yes’ in the setup confirmation box.
System will boot in to CentOS Linux.

Step 4: Tweak CUCM Root Files from CentOS

Select ‘Troubleshooting’ from the screen as shown below.

From the troubleshooting menu, choose ‘Rescue a CentOS Linux system’ and hit enter.

Select Option 1 and proceed.
CentOS will perform a Rescue Mount.
Hit Enter key to get in to Shell.

Wow! Now you are at the Shell.

Now, enter the following commands,

1

2

3

4

chroot/mnt/sysimage

cd/etc

rm securetty

passwd root

At this point, you will be asked to enter new password for the root account. Please provide a complex password and confirm.

Let’s edit the ‘passwd’ file to get shell access to root account.
Type,

1

vi passwd

Change the first line from,

1

root:x:0:0:root:/root:/sbin/nologin

To,

1

root:x:0:0:root:/root:/bin/bash

To save this file, hit ‘Escape Key’ then type :wq as shown below.

Now you are back to Shell windows, type

1

vi ssh/sshd_config

Change the sshd_config file so you can SSH as root (it’s disabled by default).

Find the line, #PermitRootLogin yes and edit to PermitRootLogin yes
[Just remove the # from the beginning.]

Hit ‘Escape Key’ then type :wq! as shown below.

Again we are back to Shell window. Now let’s go ahead and Power off the system by issuing poweroff command

Now, power on the CUCM VM, you will be getting some warning about SELinux strict Policy. No worries, this will be auto completed!
Once it completely booted, try to SSH to the CUCM using root account.

Step 6: SSH to CUCM Root

Open your SSH client (I’m using Putty) and enter the IP of CUCM and SSH to it.

Login as: rootPassword: [Password you have configured in the Step 4]

Great! You are in the CUCM Root account now…. Cheers!
You may use cd .. command to move to Root directory as shown above.

If you are not a fan of CLI, we may use WinSCP to get root GUI for file access. Install WinSCP and login to CUCM via root account.

Change the directory to /<root>

Yes, We are done it… Play around with your CUCM root files. You can copy files, verify scripts, Hack license and much more. Options are limitless!. Please let me know your valuable comments and feedback about this article. Next article I would cover some License hack tutorials for CUCM. Please like our Facebook page to get latest update.